Blog

Digital Skimmers Are Dangerous For Websites With E-Commerce

If your business website incorporates an e-Commerce platform that allows you to sell directly to your customers, be aware. According to the latest research by the security firm RiskIQ, there are currently more than half a dozen large, well-organized hacking groups targeting businesses just like yours.

These groups are all using the same basic family of malicious code, collectively referred to as Magecart. Their preferred targets are websites that use the Magento e-commerce platform. Although historically, they haven't been bashful about targeting other e-commerce platforms as well.

The gist of how they do their damage amounts to digital skimming. This type of attack is conducted by first penetrating your site's security features. This allows the hackers to inject malicious code onto your site that monitors any transactions that take place when your customers make a purchase from you. In the process, they are "skimming" their payment details and sending them off to a server under the control of the hackers, where they can make use of the payment data for their own purposes.

Given the nature of the attack, there's no outward sign that your customers' payment information has been compromised. They'll only find out later, when transactions they have not authorized begin appearing on their payment card statements.

In tandem with the research conducted by RiskIQ, Malwarebytes security researcher Jerome Segura has uncovered a new twist on the basic Magecart skimming tactic. This new tactic sees attackers injecting e-commerce sites with code that causes it to pop up a malicious iFrame at the time of payment. Then, the user simply hands over their payment data, not suspecting that it's not a normal part of the e-commerce platform.

In whatever way it is accomplished, the researchers following the development and maturation of Magecart attacks all agree on one thing. Once the data has been collected, it is sent to a server somewhere in Russia. Beyond that, the trail becomes too tangled to follow.

Stay alert, and make sure your IT folks are on guard against the threat. Your customers will thank you for it.

No Catch. No Obligation.
Stay ahead of the hackers with tips for setting up safe Work From Home networks and gain an opportunity to receive a FREE Copy of the Business Guide to Setting Up Work from Home or Remote Network Access.

First Name *

Last Name *

Company *

Email *

Phone

“They get the job done right and so efficient!”

Can't tell you how FANTASTIC the people at eTrepid are! Jim, Tom and number one in our eyes, John, keep us on the air and running. You know what we love? They speak our language and then they can speak their computer language to other network techs, so we are out of the loop. I can't stand talking to a support tech person that treats you like a lesser person because you don't speak “computer”. We never get that from eTrepid. They have a great sense of humor and get the job done right and they are so efficient! We are also a 24/7 operation. If I call in the middle of the night, they answer and fix whatever I have broken. They are the best and you can't go wrong with eTrepid!

Tbone & HeatherSOMAR Radio

“eTrepid keeps our IT well protected and secure”

COA does not worry about our IT, whether there’s a new threat, system down or special project, we are confident eTrepid will be there when we need them. Very often they resolve issues before we become aware of them.